Pro-106 Encrypted P25 System Decoding

Status
Not open for further replies.

RickS31

Member
Joined
Jun 8, 2010
Messages
515
Location
Sunrise FL
Anybody remember way back when... we were told NO scanner would ever be able to follow the new 800 MHz trunking systems? :) And not that I agree or disagree... just because something is against the law doesn't mean it can't be done. Wasn't there something about "you can't listen to cell phones on your scanner" too?! :)

Except now the encryption, including cell phones, pretty much prevents you from listening to any of it. I'm not saying that, with a lot of effort and money, you can't decrypt it. I'm just saying there is absolutely no scanner maker or software writer (legitimate) that would openly do it. I personally wouldn't like to risk the legal repercussions for doing so. Can we say Federal Prison sentence?
 

davidgcet

Member
Premium Subscriber
Joined
Aug 17, 2010
Messages
1,359
Just so you know, Moto came out with their version of trunking in the early '80s. A trunking-capable scanner did not come out until the mid-'90s. I remember the local county went to a Moto SMR and the sales guy swore to them no one could follow a conversation. As he was reiterating this to the main customer contact, one of the deputies pulled up and asked if we could help him program his brand new trunk tracker scanner. The sales guy about died of a stroke right there!
 

SAR923

Active Member
Joined
Dec 19, 2002
Messages
1,514
Trunking scanners didn't come out until there were enough trunked systems on-line to reach critical mass. That's when it became profitable to make a trunk tracking scanner. One could have been made soon after Motorola came out with their first Type 1 system, but very few people would have been willing to pay $500 for a trunking scanner when trunking was still years away from their neck of the woods. The same is true with digital scanners. Most trunking systems are either open source or the maker is willing to license the technology. For systems like Pro-Voice, Open Sky, Tetra, Moto FDMA...etc., manufacturers are making sure that their sales people can say their system can't be scanned with a consumer grade radio and not be laughed at this time. 9/11 plus hobbyists giving the figurative raspberry to outfits like Motorola and MA/Comm have led to where we are today. Make the trunking algorithm proprietary, difficult to decode, and sue anyone who might succeed (or even try) for patent violations. We have seen the enemy, and it is us. :(
 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,908
Location
N.E. Kansas
The encryption debate is ignorant.

It's mathematics. It can't be done in a practical manner regardless of how many people get together and wish and hope on the web. It would be nice if the issue would finally be accepted and forgotten.
 

Token

Member
Joined
Jun 18, 2010
Messages
2,458
Location
Mojave Desert, California, USA
And not that I agree or disagree... just because something is against the law doesn't mean it can't be done. Wasn't there something about "you can't listen to cell phones on your scanner" too?! :)

I'd love to see you listen to any new cellphone on your scanner.

While I agree it is impractical to ever expect the ability to decode encrypted P25 (or modern cell phone) on a scanner I think maybe the point K4IHS was making got missed. He said two things, one about technologies in general and another about cell phones.

Technologies in general applies to the "just because something is against the law doesn't mean it can't be done". For example, it has always been illegal to decrypt encoded transmissions not meant for you. This includes things like C band and Ku band satellite signals ranging from simple inversion techniques to complex digital encryption. Pretty common for those all to be hacked...illegal or not. And when VideoCipher first came out it was stated often that this would not be possible and it was illegal to boot...but they had to bring out VC II...and then VC II+...and they all got hacked. Technologies change, and what is unbeatable today may be child's play a few years from now.

After the ECPA was enacted and it became illegal to monitor cell phones (or produce a scanner capable of monitoring cellular telephone) cell phones were still analogue, and some phone dealers and companies actually did say it was impossible for someone with a scanner to listen to your phone. News and tech articles jumped on that bandwagon also. It was actually years after that point before most phones went digital, yet the statement "you can't listen to cell phones on a scanner" was common.

While shopping for a new phone in the early or mid '90s I remember being told "it is impossible for anyone with a scanner to listen to this phone", but the phone was backwards compatible to the 1G standard, and most cell sites were still 1G at the time. So, while it might not have been monitorable on a 2G site, anytime it was on a 1G site (most of the time) it would just have been a simple FM transmission.

Somewhat related, and along the lines of what you said. Today every system is 2G or better, 1G is no longer supported. And that means it is essentially impossible to listen to a cell phone with a simple scanner or radio. But, it is still illegal to produce and sell to the general public in the USA a radio capable of receiving the 800 and 900 MHz frequencies analogue cell phones operate on...to "protect" the users. However, it is not illegal to make or sell a receiver that can receive the other 2G or newer bands, in the 1700 to 2500 MHz range or the 700 MHz range.

This is an example of how a capability, once lost, is seldom regained. Once a law makes something illegal it almost never makes it legal again.

T!
 
Joined
Feb 3, 2009
Messages
2,078
Location
So Far Away....
Of course... You just have to have the necessary software. Whoever told you it cannot was simply not aware of what was involved. Any quotes here to track that down? Who did you ask?

It was quite some time back, lol, at least 300 posts ago...

But looking into it, now I agree. At the time, hearing P25 with an analog radio receiver was pie in the sky,
similar to what WAS said about OPENSKY... and what's now being said about encryption.

But technologies and consumer skill levels are soaring. A year ago, boom, here's DSD and you can Linux up a machine and if you're skilled (I am not) you're decoding.

NOT TO START A WHOLE KERFUFFLE OVER LEGALITY....

Think about it, all that's needed is for the interest to be there in the younger generations, apply the same
knowledge and effort that's applied to cracking new software, creating KEYGENS and patches.

Sure, it's not the same, far from it, but the premise is parallel. Ever see WarGames? "Would YOU like to play a game?" Ever hear of the phone phreakers? To hell with hashes, keys, handshakes and the sort, it's just a matter of time before encryption can be cracked. The NSA can do it, so guess what, so can a 16yo with a garage full of Coca-Cola and a lust for being famous, and Infamous!

It's the pure fact of the matter, it's not If it can be done, it's just how long Until it can be done.
 

davidgcet

Member
Premium Subscriber
Joined
Aug 17, 2010
Messages
1,359
Ignoring the legal aspects, you are correct that it can be cracked with time. BUT many use keys that change often, and unless you know all the keys you just have to start cracking again. Of course, if you figure out how to decode the key push as it is made OTA you can keep up, but in cases where each change is done via physical programming you'd be SOL. The more secure encryption schemes could take years to crack the key; hopefully they don't change it on you right after you get it.
 

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
It's the pure fact of the matter, it's not If it can be done, it's just how long Until it can be done.

Again, you don't know the facts if that is what you concluded. It cannot be done now, and never will be.
 
Joined
Feb 3, 2009
Messages
2,078
Location
So Far Away....
True, but again, I revert to the concept of a software key generator;
as fast as you can click you can switch serials/keys.

So along the same line, automated by a piece of software, eventually
the keys can be figured out, by algorithm or some wizardry like that
(getting out of my depth here on the tech aspects, I'm a theory man!.. LOL).
Principally the same could be done with a fast-as-hell machine.

Coupled with an increasing number of former military with inside knowledge
of hardware, software and the application of it,
you can bet your dimes 'n' doughnuts that a whole new wave of hammers, scanners
and hobbyists are poised to usher in a new stream of ideas and skillsets. Again, this is fact,
one of the reasons mil/govt hardware filters in to the consumer market.
We think of it, the smarter part of We think of how to do it, and the smart
And Motivated part of We gets it done... 'tis the way of the world...

Like was stated before, trunking was once out of reach, and cell phones,
and digital P25...

As octopuses evolved to squirt ink, we will hear encrypted comms. You'll never be
able to admit it, people will still be scorned for suggesting or mentioning it, but in reality,
it could be right around the corner and We just don't know it.

Sorry for the long-windedness, I just feel it's a waste to just shut it down by saying, "No, it's Illegal,"
or "No, it can't be done, so forget it."

And really, if you want secure communications, use UPS. You even get tracking... Lol.
 

JoeyC

Senior Member
Joined
Dec 19, 2002
Messages
3,523
Location
San Diego, CA
yadda yadda.....

As octopuses evolved to squirt ink, we will hear encrypted comms. You'll never be
able to admit it, people will still be scorned for suggesting or mentioning it, but in reality,
it could be right around the corner and We just don't know it.

Sorry for the long-windedness, I just feel it's a waste to just shut it down by saying, "No, it's Illegal,"
or "No, it can't be done, so forget it."

And really, if you want secure communications, use UPS. You even get tracking... Lol.


You can hope and wish for a 30 minute flight from NYC to LA or for daily nonstop service to Mars, but it's just not gonna happen. Not in your lifetime or anyone else's.
 

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
So along the same line, automated by a piece of software, eventually
the keys can be figured out, by algorithm or some wizardry like that
(getting out of my depth here on the tech aspects, I'm a theory man!.. LOL).
Principally the same could be done with a fast-as-hell machine.

That all sounds nice in theory, but it cannot be done in the real world. It has nothing to do with legal/illegal.

IT CANNOT BE DONE.
 

davidgcet

Member
Premium Subscriber
Joined
Aug 17, 2010
Messages
1,359
With billions of codes, the time to write them to the RX, realize that one does not work, and then move on to the next code would take YEARS. Even if you did 1 a second it would take a couple decades to go through all possible codes! And as soon as you get it, all they have to do is change the code and you start over again.
 

geoff5093

Member
Joined
Oct 9, 2007
Messages
311
With billions of codes, the time to write them to the RX, realize that one does not work, and then move on to the next code would take YEARS. Even if you did 1 a second it would take a couple decades to go through all possible codes! And as soon as you get it, all they have to do is change the code and you start over again.
Maybe you will get really lucky and the first code you try will be it!
 
Joined
Feb 3, 2009
Messages
2,078
Location
So Far Away....
That's cool, but the same thoughts were given when the famous
world-is-round proposal was given.

Just because you can't see it does not mean it's not possible,

and frankly, attitudes like that lead to complacency, which in turn will only
lead to the results I posted before... only a matter of time...

And really, lol, Decades?
Tell that to Wi-Fi hackers worldwide. Sure, it's not the same, but my gosh...

And in turn,
if the NSA wanted to get into another nation's Digi-Encrypted Comms, they would
be out of luck at least for a decade or 2... this seems inaccurate. I mean, does
Motorola have a back door into its radios' security protocols? That, to me, is an easy
weakness to exploit.
By Anyone.
In that case you're not searching gah-jillions of variables, just looking for 1.

As long as you try to lock someone out, it only makes getting in that much
more desirable.

Not to fuel anger, but creating false absolutes is ridiculous; in 2010 we should be
past this restricted thinking.


And I'm not just meaning about this subject matter, but in advancement across the spectrum.
(Pun Intended)
 

DonS

Member
Joined
Jun 17, 2003
Messages
4,102
Location
Franktown, CO
People who think today's encryption methods can be "cracked" by someone sitting at home with a PC or fifty have a bit in common with those who hope to get rich by purchasing Lottery tickets.
 

davidgcet

Member
Premium Subscriber
Joined
Aug 17, 2010
Messages
1,359
DonS, agreed 100%!

A billion codes, at a rate of 1 tried per second, would be 3 decades 4 yrs 5 months 1 wk 3 days 1 hr 46 min 40 sec, so yes, decades. Add in the fact that you require more than 1 second to try each code, and it really extends out there. So if you tried 100 machines simultaneously you might get it in under a year, but again each type of encryption uses custom codes. I think the part you don't understand is that just because agency A uses key XYZ on channel 1 does not mean they use it for chan 2, nor that agency B uses the same key even though they use the same encryption scheme. An APX mobile can have 5 encryption types and (I think) 48 different keys loaded at any one time. And with OTAR the keys can be changed every little while on the fly. If they roll through various codes on a schedule you could chance upon a valid key combo but try to use it on the wrong day and not realize you have one of the correct ones!

Sorry, but it is simple math, and the laws of probability say your odds are not good at all; probably better odds of getting hit by a meteorite and then struck by lightning 5 seconds later than of ever successfully decrypting any of the main schemes.

And no, Moto does not have a backdoor to get past encryption. They get the key from the customer should the need arise. They don't need it for repairs of subscriber units, as they can load default test keys.
 

RadioDaze

Member
Joined
Oct 5, 2006
Messages
2,034
Location
Orange County, California, USA
Let's, for a moment, grudgingly accept the speculation that it WILL somehow be possible.

Exactly WHO among us is actually going to be able to listen to cracked encryptions? You won't be able to buy a scanner that does that. Not EVER. So where does that leave all of us as far as our hobby goes?

Totally screwed.

So to all who say "Will I ever be able to listen to my encrypted PD again?", the answer is NO.

Now go do something constructive and get yourselves a job with the PD. Or get yourselves arrested. Then you can sit in either the front or the back of the police car and listen to it all the way to the station.
 

geoff5093

Member
Joined
Oct 9, 2007
Messages
311
The encryption debate is ignorant.

It's mathematics. It can't be done in a practical manner regardless of how many people get together and wish and hope on the web. It would be nice if the issue would finally be accepted and forgotten.
That's what they said about WEP, now with faster computers it can be cracked in record time.
 

Token

Member
Joined
Jun 18, 2010
Messages
2,458
Location
Mojave Desert, California, USA
With billions of codes, the time to write them to the RX, realize that one does not work, and then move on to the next code would take YEARS. Even if you did 1 a second it would take a couple decades to go through all possible codes! And as soon as you get it, all they have to do is change the code and you start over again.

Again, I agree that it is not practical and will not be done at a "general" level, other than isolated experiments maybe. However, what you have described would not be the way to do it.

Record one signal from a group, digitize it with adequate fidelity (probably at the RF level), model the RX in something like MATLAB Simulink or a custom-built faster model, apply brute force crack to the digitized sample. Part of the model would have to recognize that the transmission was clean and so the crack was probably done, but that is just another sub-part of the model. Rinse and repeat. No need to have all the delays. Not a trivial task, any of it, but not impossible. I am not sure how fast each could be cycled, but as you could do it at multiple times real transmitted data speed I bet it could be a lot faster than trying to do it with a radio in the loop.

Once the key is known for a group it is good until it is changed, but if you can crack it quickly that would still allow use as I doubt they would get to the point of changing keys on even a weekly basis. I know for sure our local PD has not changed key in years, they feel they don't need to.

This is why military keys are changed so frequently. It may be highly unlikely that your key is cracked, but it is NOT impossible. So, the military, really wanting and needing security, has a huge logistics tail in place to change keys far more often than they could be cracked, and even if one is cracked it will only be used for a very short time so the damage is minimized.
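The thread's argument comes down to key-search arithmetic: how long exhausting a keyspace takes at a given trial rate (davidgcet's billion codes at one per second) and how often a key has to change to stay ahead of that (Token's point about military rekeying). This Python block is an added example, not code from the thread or from any radio maker; the 10^9 keyspace and 1 key/second rate are the post's figures, the 56-bit and 256-bit sizes are the real key lengths of the P25 DES-OFB and AES-256 algorithms, and the faster attacker rate and weekly rekey interval are constructed assumptions.

```python
"""Key-search time and rekey coverage for the keyspaces argued about above.

Added example. The 10^9-key space at 1 key/second is the figure quoted in the
thread; 2^56 and 2^256 are the real P25 DES-OFB and AES-256 key lengths. The
10^9 keys/second attacker and the one-week rekey interval are constructed.
"""

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year, 31,557,600 s


def worst_case_seconds(keyspace: int, keys_per_second: float) -> float:
    """Time to try every key: the guaranteed upper bound on a brute-force search."""
    if keyspace <= 0 or keys_per_second <= 0:
        raise ValueError("keyspace and rate must be positive")
    return keyspace / keys_per_second


def expected_seconds(keyspace: int, keys_per_second: float) -> float:
    """Average time to hit a uniformly random key: half the keyspace."""
    return worst_case_seconds(keyspace, keys_per_second) / 2


def to_years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def fraction_covered_before_rekey(keyspace: int, keys_per_second: float,
                                  rekey_interval_s: float) -> float:
    """Share of the keyspace an attacker can test before OTAR replaces the key.

    For a uniformly random key this is also the probability the current key is
    found before it rotates, so the rekey schedule caps the attacker's odds."""
    return min(1.0, keys_per_second * rekey_interval_s / keyspace)


def summary_table(keys_per_second: float, rekey_interval_s: float) -> dict:
    """Worst-case years and pre-rekey coverage for the thread's keyspace and the
    two real P25 key sizes, at one attacker speed and one rekey interval."""
    spaces = {"1e9 (post's example)": 10**9,
              "DES-OFB 56-bit": 2**56,
              "AES-256": 2**256}
    return {name: (to_years(worst_case_seconds(n, keys_per_second)),
                   fraction_covered_before_rekey(n, keys_per_second, rekey_interval_s))
            for name, n in spaces.items()}


if __name__ == "__main__":
    # The post's own inputs: a billion keys at one trial per second.
    print(f"1e9 keys at 1/s: {to_years(worst_case_seconds(10**9, 1)):.1f} years worst case")
    # Constructed attacker: 10^9 trials/s against keys rotated weekly.
    for name, (yrs, frac) in summary_table(1e9, 7 * 86400).items():
        print(f"{name:22s} {yrs:12.3g} years  {frac:.2e} of keyspace before weekly rekey")
```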
 
Joined
Feb 3, 2009
Messages
2,078
Location
So Far Away....
Now go do something constructive and get yourselves a job with the PD. Or get yourselves arrested.

So I suppose You're being Ultra Productive, Telling others to go get a life... HILARIOUS!

With all due respect, I've got a damned good job,
(on top of that, I took the civ-service exams for Fire, Sheriff's HOC and City PD, Passed, and decided to
pursue other interests..)
and a fairly productive life, a smokin' hot wife, and 3 smart-as-hell, beautiful kids.
And I have the great opportunity to Think Outside the Box...

I'm pretty sure that is still legal...
 